[libvirt] [PATCH libguestfs 0/4] Add a libvirt backend to libguestfs.

Richard W.M. Jones rjones at redhat.com
Mon Jul 23 10:02:41 UTC 2012 

On Mon, Jul 23, 2012 at 10:45:21AM +0100, Daniel P. Berrange wrote:
> On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> > On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > > Some questions:
> > 
> > Another question ...
> > 
> > >     <channel type="unix">
> > >       <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> > >       <target type="virtio" name="org.libguestfs.channel.0"/>
> > >     </channel>
> > 
> > This clause doesn't work when libguestfs/qemu runs as root.  As far as
> > I can tell there are a combination of three factors working against it:
> > 
> > (1) libvirt (when run as root) runs qemu as qemu.qemu.  Since this
> > user didn't have write access to the socket, it fails.  I fixed this
> > by chowning the socket.
> 
> What libvirt URI are you using ?  If libguest is running as non-root,
> then I expect you'd want to use  qemu:///session.

It's using NULL and expecting libvirt to choose the appropriate
connection URI, which does appear to work.

> Thus all files would be owned by the matching user ID, and I'd
> sugest $HOME/.libguestfs/qemu for the directory to store the sockets
> in.
>
> If libguestfs is running as root, then use qemu:///system and a socket
> under /var/lib/libguestfs/qemu/

This is fairly sucky.  We already make a temporary directory (a
randomly named subdirectory of $TMPDIR) and that seems the appropriate
place for small temporary files like sockets, especially since the
temp cleaner will clean them up properly if we don't.

> You could either use the same directory that libvirt uses for the
> main QEMU monitor socket, or preferrably define standard directories
> for libguestfs and have them added to the SELinux policy

So just so I'm completely clear about what's happening:

(1) SELinux labels are chosen based on the parent directory.

(2) By having a standard named parent directory (even $HOME/.libguestfs)
SELinux will assign the right label to a socket in this directory,
even if libguestfs is not running as root.

(3) libguestfs should not be setting labels on anything itself.

(4) If a non-root user has never run libguestfs before, then merely
the act of libguestfs doing mkdir("$HOME/.libguestfs") [as non-root]
will ensure that any sockets in this directory are labelled correctly.

Is this right?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming blog: http://rwmj.wordpress.com
Fedora now supports 80 OCaml packages (the OPEN alternative to F#)
http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora

More information about the libvir-list mailing list